VYPR

Vendor CVEs

Adobe Inc.

All CVEs

7,428 total · sorted by risk
  • CVE-2018-19724MedJan 28, 2019
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-15973MedOct 17, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-15972MedOct 17, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-15971MedOct 17, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-15970MedOct 17, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-15969MedOct 17, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-5005MedSep 6, 2018
    risk 0.40cvss 6.1epss 0.04

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-12806MedAug 29, 2018
    risk 0.40cvss 6.1epss 0.04

    Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4941MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4940MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4931MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4930MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4929MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

  • CVE-2018-4921MedMay 19, 2018
    risk 0.40cvss 6.1epss 0.04

    Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4876MedFeb 27, 2018
    risk 0.40cvss 6.1epss 0.05

    Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.

  • CVE-2018-4875MedFeb 27, 2018
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.

  • CVE-2017-3109MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.

  • CVE-2017-11296MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.

  • CVE-2017-11290MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.

  • CVE-2017-11289MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.

  • CVE-2017-11288MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.

  • CVE-2017-11287MedDec 9, 2017
    risk 0.40cvss 6.1epss 0.03

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.

  • CVE-2017-3105MedDec 1, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

  • CVE-2017-3104MedDec 1, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

  • CVE-2017-11285MedDec 1, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

  • CVE-2017-3103MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.

  • CVE-2017-3102MedJul 17, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.

  • CVE-2017-3008MedApr 27, 2017
    risk 0.40cvss 6.1epss 0.03

    Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.

  • CVE-2017-2969MedFeb 15, 2017
    risk 0.40cvss 6.1epss 0.02

    Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.

  • CVE-2017-2929MedJan 24, 2017
    risk 0.40cvss 6.1epss 0.04

    Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.

  • CVE-2016-7891MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks.

  • CVE-2016-7884MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.

  • CVE-2016-7883MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.

  • CVE-2016-7882MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.

  • CVE-2016-6934MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.03

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

  • CVE-2016-6933MedDec 15, 2016
    risk 0.40cvss 6.1epss 0.02

    Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.

  • CVE-2016-4170MedAug 9, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4168MedAug 9, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4164MedJun 16, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4159MedJun 16, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1113MedMay 11, 2016
    risk 0.40cvss 6.1epss 0.03

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-1036MedApr 22, 2016
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-0955MedFeb 10, 2016
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.

  • CVE-2008-0642MedFeb 15, 2008
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a…

  • CVE-2020-9708MedAug 14, 2020
    risk 0.39cvss 5.9epss 0.03

    The resolveRepositoryPath function doesn't properly validate user input and a malicious user may traverse to any valid Git repository outside the repoRoot. This issue may lead to unauthorized access of private Git repositories as long as the malicious user knows or brute-forces…

  • CVE-2018-12824MedAug 29, 2018
    risk 0.39cvss 5.9epss 0.11

    Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2016-1115MedMay 11, 2016
    risk 0.39cvss 5.9epss 0.02

    Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.

  • CVE-2026-34694MedJun 9, 2026
    risk 0.38cvss 5.9epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be…

  • CVE-2025-54265MedOct 14, 2025
    risk 0.38cvss 5.9epss 0.00

    Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit…

  • CVE-2022-28851MedSep 30, 2022
    risk 0.38cvss 5.4epss 0.37

    Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context…

Page 73 of 149